Analysis
-
max time kernel
448s -
max time network
444s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-11-2024 17:38
General
-
Target
https://buzzheavier.com/41eeytvkd0fg
Malware Config
Extracted
lumma
https://winterchill.shop/api
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
https://disobey-curly.sbs/api
https://motion-treesz.sbs/api
https://powerful-avoids.sbs/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-5917__Sat-Up@!
-
A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-5917__Sat-Up@!.zip
-
Executes dropped EXE 31 IoCs
-
Loads dropped DLL 31 IoCs
-
Blocklisted process makes network request 7 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 36 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: MapViewOfSection 5 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://buzzheavier.com/41eeytvkd0fg1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe66e046f8,0x7ffe66e04708,0x7ffe66e047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6896 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5752428137072164083,2734127657994696971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\You.are.Ms..Servant.S01E08.The.Autumn.With.You.and.the.Sauce..1080p.CR.WEB-DL.JPN.AAC2.0.H.264.MSubs-ToonsHub.mkv"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#Pa$$w0𝑅D-5917__Sat-Up@!\#Use-5917-to-0pen!\" -ad -an -ai#7zMap20705:148:7zEvent145871⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4fc 0x4b01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\more.comC:\Windows\SysWOW64\more.com2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\msiexec.exeC:\Windows\SysWOW64\msiexec.exe3⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\more.comC:\Windows\SysWOW64\more.com2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\msiexec.exeC:\Windows\SysWOW64\msiexec.exe3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\more.comC:\Windows\SysWOW64\more.com2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58749e21d9d0a17dac32d5aa2027f7a75
SHA1a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a
-
Filesize
152B
MD534d2c4f40f47672ecdf6f66fea242f4a
SHA14bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA51250fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6
-
Filesize
1KB
MD56cf82608dd6689a06cbbb16cbd03ce31
SHA17c392543d238cb7cd3a6e86d3c37663f99dd7842
SHA2565c61a4981903fdea9cb5ec655727bc7c3625129cbd5cf06d09098e30629db8b3
SHA512341883c4b859115595a10f5b3e72aa0a23248e6dd7a2c10596add562289633757935dd8ea2326ef03ba1a5e9d7aa4abd5f230f50ce843be8f5235b69f71d1a4f
-
Filesize
215KB
MD52be38925751dc3580e84c3af3a87f98d
SHA18a390d24e6588bef5da1d3db713784c11ca58921
SHA2561412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA5121341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
-
Filesize
1KB
MD5def0da7097db594cc3e094e77ea484e1
SHA1b5bf3c51df66940797c9251ad4af17ad11eb1345
SHA25682cec3630b18ae5948b336a0e399417bb6b2c2a28bad01fd4f6a150d18dc0cc0
SHA51205c8c9dfe52a039577e620ce00398a85eab5e2d1cfc0a58821485d8247ebba076d90ad23127ac25f4ead9cda1c66d25b3e2e6771ee5942473604b432a88137ea
-
Filesize
144B
MD57f0b38c73fb98d446ed762eb25bbe4be
SHA12b6da62b86fac765c2e322eea32ca80129628239
SHA2568822bbcc936186c254f7a57715caa94edca90995d87e7834b3fe012df2c4e8d6
SHA5129e4c9dee4aac68f7172a661bf53a5573c09f143e86f1c460b175ca7c11347a10e7a3c458c04fe0264f6932e85f8814b168ec65f889a7f5cdae9502fa5e213080
-
Filesize
384B
MD54887347408b8389ccd400f407d7d698b
SHA191082395d0d7b7f9e92960545b769a8d7d33ea24
SHA256bb52ba74ad48408074ca186d6e57203c059745e3a17535f4189ee2f5afa7be05
SHA51277383cb7d1ad2a7c092a3689d04a19ed5d61b44ea3c02d2495d5d5504740ae41f89decbbe49917ac4ce734abb78e9400a6ecb99621d506340dbdd427a1eefc4c
-
Filesize
1KB
MD566fb793aa0ea29cef84c7e970627d1af
SHA183b0a5d913f452f63785cc420ec038e36a27336d
SHA256a6d378559b29cc44400ce1677fc74cc764a92c872636cf3fa712e9e3f718587e
SHA51228d5a66a8ff37a0501c4de67670e76251e892b61584828a45bd7319e222c16698be24a4e6401d99ccae2cead1f72c1ba8687de4a695165fee6660b9d524d4f4e
-
Filesize
4KB
MD543f4bd9792e053eb6e10b73af8e4b841
SHA1269d2adf91774f5ef95f453f002460485c2544b2
SHA2568b9a4927ee4c9ec172e5c3243d90807ebd180b706103c61593e4e511fa4acf36
SHA5123e6dab2d15a628803ca42a0d51b64c9fd043f34111668b3b8878a0da9f125f2bf6cd85a67e03966ea20e65b3ab23bbb67429abcde3e2cfbf9961d6aa7e6ea615
-
Filesize
2KB
MD57bf74035c4c67e48749b296a4c258252
SHA1c22d7f257faf8311c8ff74fbc98a95418814d45c
SHA2564e665fea509a048e4cad2e867c0d05074579f02bdd32cb9735f81c62f43a1b49
SHA5120fcdd570edc1127f5f0d536c8bd5318add1cc3e5d114b6d975119f1c62445a994a45cb6cf9de95de9cb3b18b18b33d670961f740ff70187ff370b4fb250437f2
-
Filesize
3KB
MD56b3c77a486858de633b7373cfeffcf82
SHA1b3333d3502ba314e214c6f4699c44a891ed24759
SHA2566d5b78e17b4667844766271b060a7d5cd78c0c68271aabb46176da0de7cad6e5
SHA51231955ffe0502cd01c93b70eead3e6d2703f0c75f6116246750fdf889f64c84a805e046697a7b04310e30936bb0fecba64e9f9b0d5cc58ef12017f1c05d470b6b
-
Filesize
4KB
MD5aeba0cb4567eb9fac43f3d5fec2bf6a4
SHA1056ea2308e5855996d0feb71fc7f82828ceefc55
SHA25651206331c9b1927c861ea5f095c526a4c4129258de936073162a13ac7afa4628
SHA5126b7b88c7efee4c704ee02982b2f9fef71158260e424d96d5093482bdb13fc1672461743d99245950825976d2decec8a1f0ad66bbde990ffd946e5e1043c54f93
-
Filesize
9KB
MD586d56ebbd0fdd6894eab474784a32034
SHA1c25ab4c73a712add2065f9a473fde41edb34abc7
SHA25652fc76b3e8f1b50258c69b25d1552144aa5de36b74f7907e0398b79f8a13ca6d
SHA512ee73666283d420c80f1dc4cfc03dd1393f0a3ce22ee924d76d315c52b462cced49ae181e974b7568e2e2229769112f3a663f210ba8e6211ffddef95311c86ce4
-
Filesize
7KB
MD5fa97d0c91f21681a2b843a40dbbe18fb
SHA1b9c2802d384a177e6547b96c2bfc8856c4089d0d
SHA256597858c128fcb7cdd921e8202f234d7d46d07ce26745f79d155cefae6194c706
SHA512c83a2d3bd5e0544fbb721c5a5bd893ae17790b4b1dbdb6ced36db2a4c5506a83e54763e2fc3a1dd6f7f6ca912fb29053b4fc5beb286d1c092e918d85d9c7c063
-
Filesize
6KB
MD5281c3217d4e1006203e428c8048e9942
SHA1eb862ae6c96d29ce342985aac61afd3088595667
SHA25670c3d781fc758a97a81c28db77a0702950a11c149e3131ae6beb172a20c8c692
SHA51279bbcb5c15e06638db9235e1aacb8af10ece83058f87c3fe56d643c1b22f1cdec04421b17fa8daa05f368e6e1836f5504935de197b1d1fcde4a0880f3974a32a
-
Filesize
72B
MD5ef95a78ab2a5acfaf072947bcee29b52
SHA1afd21fa2d783d3c0908bd731bb7a790431a6c88a
SHA2564c2d88874a70ef3e2eae4b6de62ad5a371653a86f2eaa031c3a444ce16701a11
SHA51220bf0b29a6708500f1ee6f49acac648088bab9f96b1719e7478f665d198048bee29287aceaf6d28c589d62d5b4ceac28869595b6651564f93f0de9a42440152d
-
Filesize
48B
MD5cdc959c6279991ef28a0ab0c7a7b6ad4
SHA1c0fa8109b2741729f5f96eeab212e07cd7ea4212
SHA25618c9e0d7e4e85665ea32e75fbef5f8d92b33f6f196064d9092838210123cc7a7
SHA512e6663a609bf4089bffc0b9d449df79db127613458fb5e86326914ae58c7788475bbdadec9d3b7738f0a965dcc5f415814fd05dd3c8eff5cd00af9bf7ec206ba5
-
Filesize
870B
MD5983cf320602abf459a59a5eebcdf4dd6
SHA101a3bbeb369138dd3e8b236cc29c53cc030278aa
SHA256051cf115ffac172fadda60a0f12fde6817870153ddf0e39586afccd59ef0af57
SHA512de26b838a904e84c0dbbe6e1b5310afa1dffc40ea196bf9127fd9d527501cd286b0cfac57df5f2908a83bbe5134194ec5aab06f7e41e5b00915f87cdc72d156a
-
Filesize
370B
MD542f48f3b8acde9871f8b9316d70624a8
SHA188d0d18568a8ac88c217a6e938eadbed81d5772f
SHA256c218b378d170683d0130a3ff29073c7e1af283eb024236adc1c148da0ca2dfc5
SHA51236fa6d4c230ad16ab8403de67d86602b9807aff578fc9e90af54701cd40a9f359561c5db4b5a0add9779b1fe550de1f6aa3a7aae9be68441720a99f5b77fb525
-
Filesize
5KB
MD5bfe838a80851d43029968fff47016f90
SHA10eb34fb2d76b1cdd50abe172c3e6163cef51b50d
SHA256da5bcea7861e0b233e3af442b5ed586976c5e2490b80c0974b5c3d2389af0068
SHA51266101eb5a0266073986e8ea8f18062b304f54406044a0ce00f3de6fd069c2d30d0388fa598004f26199b368877234d2478604a7d9940408a8b18116f4100e60c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5137f04fd6cab81b457cf5323d831347e
SHA16685ad864481b207bf0330b2f40db76c1c11a070
SHA2569713027f82e3caedc60579c996a54cc2537ff885f585fff2f99efc63a1696b94
SHA512b0ef62ebf2e542da97b2ac0b8d180d7a478a5c339d490a0a696427dc637e08ee25cab7437b84dde31e7376d35eb2d16ce7f7643c2e3c720a35d2e4d4136a8860
-
Filesize
10KB
MD563917074c6a90911f2b1b6b45c54e244
SHA147c3b67b3bc0657c326a2886cc1cea5a9b2e24c9
SHA2562ef7b0a5b674d0995a3b7d63b0866a495bb69fe05d3408aaa35e9c76eaa84212
SHA5122b96380a972300fb9bd2c43182ce96c99bf3836ad188a0173648e109c8be9d84193972aeec90c1c8954e950a912a0610b1d0e69cbdec5d930f94c4ed1fd1ac31
-
Filesize
10KB
MD5f6f9deaa157230c65dbbf3dad6394b22
SHA1ed0c8682e09cea1ab853626b1f96ecc080991812
SHA256e1b4713537a31900563c14f4df888949747868966ea8b425a60cfc88000be707
SHA512ff55e37a989322dfa982bce656e8a32ecd9589969917b0ec0ee9f740d0bcc9db7137f286d25a664e4c6d06083bba030f566d6e67f4f36b8f59b8fd2a6f8474ca
-
Filesize
11KB
MD59be9f47aa132a154db1ee19f80c3767e
SHA10d441c0b06b62087d7e5bca1d94482032b4bd9f2
SHA256217c144f1b63c4df3a00eff86b69a1c6a5c1bec0b8c60cb137c7bfc23c083f7b
SHA512ccbf5e2f3abb9cf5621ea33bfbd76a0d89fe007edccad9de81cfed59dcde1836218c81e5dff5c6d7c106fd0fe7801896a7ec75ab371ff6cc5f59fa012d2426d8
-
Filesize
1016KB
MD516e074b7a4a554a312e9ac64637e5d7a
SHA114b29bbc84dcbfcbcbddc359e58616ac0b194f9b
SHA2565f19da1fe97d018d5c4f82224575817cdbc6aa0bb57528443df0e94f3a74e662
SHA512b2b8dfc6cc670d557363cfe08308a5dc5ae5d824a6104f5177fb18e310956f8b1d3071cd39bda2d69d92a17c0b27482f8f96998d7a00a1835688bfb2d5cd62fb
-
Filesize
1016KB
MD54b5dc92ce21c0e64652a7c322050461c
SHA1255e0726c556eb88b874fbbca5fa78128f2a3a8f
SHA2569901d20fad208ce8198c4fa4fcd50781e98d8a7719d6e496f3220e0330d39847
SHA512357cb9d7cc004b166c92830d876b6369ed851e72ab5f688bff312fe70cc28c9515c3c2ebacbc39df6ec7115b1c891f169c20b1efe9c10ed384854d5387041b20
-
Filesize
1.8MB
MD5098ac4621ee0e855e0710710736c2955
SHA1ce7b88657c3449d5d05591314aaa43bd3e32bdaa
SHA25646afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f
SHA5123042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe
-
Filesize
15.6MB
MD5cdf6f41dd30c6024085b4d16ac265797
SHA1befc48b8bf7fe9e005190ac242835acda96efa68
SHA2562326376afbfacb1d8067bb924cb5e9588b4bcfcb1f11c3c555cf1272c0307e76
SHA512deefac51048876fb38f5b49eee7235b958c86722dd8f39697340e64d091f2a94b7381ca557add09a90713b7dfc5989a12c6a77d6ee382265bb01433078ce3f4c
-
Filesize
779KB
MD5d4c0c5c3498525dfe1a1e467d04adf70
SHA11fada9db19e76219a2a1ef23286458dbd4fdf6aa
SHA2562fe1ce837938166c23fcfd05f50c3337ec8da80e452996f11d7f2e419db29099
SHA51220d8161b0eabb601340345224388598ffb46e5cf5849fa3b61e009dc2bcc05a7b744c97fbf3f10a00532be1055e54aa66b01a2a09ee0f8111e790a20b498632e
-
Filesize
15KB
MD520aa873838ff8d9e189b8a3a6c77dcbd
SHA1bbdcb50777870c61b76034291e10d4c06f10e643
SHA25652ef82bbd07c36431181fd7311f1a7fa5de07401cba3ab2786220356f34b56da
SHA512db0a6736912900db9822eeecc88e1f953af128b32b14f02d76262f2195e065088279f44302967c40e67a1632967a55579191f3ffb3f6f79c84107ffa9ef432b9
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
208KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
2.7MB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
16.7MB
-
Filesize
132KB
-
Filesize
260KB
-
Filesize
2.0MB
-
Filesize
2.7MB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
992KB